malurogo

Everything posted by malurogo

  1. Hi guys, Hope this finds you all well and free of credit crunch and other woes. Got a problem I'm hoping someone can help me with. Both my CD drive and DVD drive display the same message when I left click on them: "E or F is not accessible. Access denied." Strangely enough this only happens on one of the two accounts. I recently installed an external hard drive and upgraded from Office 2003 to 2007. Not sure this has anything to do with it. Can anyone help please? Ta
  2. Hi Sari, Things seem to be a lot better, thank you very much for all your help. You guys do a great job!! Take care Marco
  3. Hi Sari, Sorry for the delay in replying. I've followed all your instructions and attached both reports you asked for. A funny thing happened: my Antivirus programme expired and on downloading the new one, thus getting rid of the older version, things seem to have got a lot better. My homepage is no longer hijacked. Could it be that the virus was in my antivirus programme? Thanks Marco log.txt main.txt
  4. Hi Sari, Here are the logs you asked for:
  5. Hi Sari, Thanks very much for your patient help. Bad news, I'm afraid. I've got the same problem as when I tried to run Smitfraudfix in Safe Mode: I can't do it. When I type Y to run the program nothing happens and the cursor freezes; I can't move it, and my only alternative as far as I can see is to reboot the computer. Another thing that may be relevant: every time I log on to my account the following message appears: "TmPfw has encountered a problem and needs to close. We are sorry for the inconvenience." This message didn't appear before the virus infected my PC. Thanks again Marco
  6. Yes, that's what happens. I've tried again but clicking on the smitfraudfix icon directly; I press any key and the program doesn't run, it gets stuck. I can't move the cursor or do anything so I have to manually switch off the computer. Marco
  7. Hi Sari, Following your instructions I've installed the newest version of Smitfraud and tried to run it in Safe Mode but I can't do it. When I click on smitfraudfix.cmd a new window opens where it prompts me to press a key; I do this and the computer gets blocked. I can only turn it off and restart again and the same thing happens time and time again. Another thing: this virus has also hijacked my Antivirus program, which I cannot access. Thanks Marco
  8. Hi Sari and thanks for your help. I have got rid of those two buggers but my homepage remains hijacked by this website: http://asecurityassurance.com/ I've tried to change it to my usual using Internet Options but it will not allow me to do so. Another problem I have is that whenever I try to access PDF type web pages my browser closes automatically. These are the reports you requested:
Settings\Yoly\Cookies\[email protected][1].txt Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Yoly\Cookies\[email protected][1].txt Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Yoly\Cookies\[email protected][1].txt Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Yoly\Cookies\[email protected][2].txt Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Yoly\Cookies\[email protected][2].txt Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Yoly\Cookies\[email protected][1].txt Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Yoly\Cookies\[email protected][1].txt Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Yoly\Cookies\[email protected][1].txt Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Yoly\Desktop\SmitfraudFix\Process.exe Virus:Trj/Rebooter.J Disinfected C:\Documents and Settings\Yoly\Desktop\SmitfraudFix\Reboot.exe Potentially unwanted tool:Application/SuperFast Not disinfected C:\Documents and Settings\Yoly\Desktop\SmitfraudFix\restart.exe Virus:Trj/Rebooter.J Disinfected C:\Documents and Settings\Yoly\Desktop\SmitfraudFix.exe Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Documents and Settings\Yoly\Local Settings\Application Data\Mozilla\Firefox\Profiles\35nojpbr.default\Cache\51F1B901d01 Potentially unwanted tool:Application/SpywareSecure Not disinfected C:\Documents and Settings\Yoly\My Documents\My Videos\SpywareSecure_trial_setup.exe Adware:Adware/PC-Prot Not disinfected C:\Program Files\Video Add-on\ictun.exe Adware:Adware/VideoAddon Not disinfected C:\Program Files\Video Add-on\isfmm.exe Adware:Adware/VideoAddon Not disinfected C:\Program Files\Video Add-on\isfmntr.exe Adware:Adware/Trymedia Not disinfected C:\RECYCLER\S-1-5-21-1060284298-602162358-839522115-1003\Dc143.exe Adware:Adware/Trymedia Not disinfected 
C:\RECYCLER\S-1-5-21-1060284298-602162358-839522115-1003\Dc145.exe Potentially unwanted tool:Application/Processor Not disinfected C:\WINDOWS\system32\Process.exe Potentially unwanted tool:Application/Processor Not disinfected D:\NAPO\my documents\My Downloads\smitRem\Process.exe Potentially unwanted tool:Application/Processor Not disinfected D:\NAPO\my documents\My Downloads\smitRem.exe[smitRem/Process.exe] Virus:Trj/Downloader.FA Not disinfected D:\NAPO\my documents\Screensavers\Dolphins-Screensaver-v311.exe[aud-cnet9.exe] Virus:Trj/Downloader.EF Not disinfected D:\NAPO\my documents\Screensavers\Dolphins-Screensaver-v311.exe[augscrsvr.exe] Spyware:Spyware/Systemcheck Not disinfected D:\NAPO\my documents\Screensavers\Dolphins-Screensaver-v311.exe[dolphinschk.exe] Potentially unwanted tool:Application/MyWay Not disinfected D:\NAPO\my documents\Screensavers\ocean.EXE Adware:Adware/Exact.SearchBar Not disinfected D:\NAPO\my documents\Screensavers\Real-3D-Matrix.exe[data\App\4\exact.exe] Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 13:14:44, on 25/10/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16544) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\hkcmd.exe C:\WINDOWS\System32\LVCOMSX.EXE C:\Program Files\Logitech\Video\LogiTray.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe D:\new\my documents\My Downloads\Picasa2\PicasaMediaDetector.exe C:\Program Files\Logitech\Video\FxSvr2.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe C:\PROGRA~1\MESSEN~1\msmsgs.exe C:\Program 
Files\Ares\Ares.exe C:\Program Files\TalkTalk\TalkTalk SNU5630NS 05 Wireless USB Adapter Utility\TTUSBBGMonitor.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe C:\WINDOWS\System32\svchost.exe C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {B499D34E-58EF-4927-AB9F-7AF52B2C4C82} - C:\Program Files\Video Add-on\isfmdl.dll O3 - Toolbar: IE Custom Tools - {6CA49FDD-4AEB-4F08-A394-C0A1F82CAA16} - C:\Program Files\Video Add-on\ictmdl.dll O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [rsy32] C:\WINDOWS\System32\rsy32.exe O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [sSBkgdUpdate] 
"C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray O4 - HKLM\..\Run: [Picasa Media Detector] D:\new\my documents\My Downloads\Picasa2\PicasaMediaDetector.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O4 - HKCU\..\Run: [FT Desktop news alerts] "C:\Program Files\FT Desktop news alerts\FTDesktopnewsalerts.exe" O4 - HKCU\..\Run: [MSMSGS] "C:\PROGRA~1\MESSEN~1\msmsgs.exe" /background O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" O4 - HKCU\..\Run: [CrawlerMail] c:\progra~1\inbox\cmail.exe /startup O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O4 - Global Startup: TalkTalk SNU5630NS 05 Wireless USB Adapter.lnk = C:\Program Files\TalkTalk\TalkTalk SNU5630NS 05 Wireless USB Adapter Utility\TTUSBBGMonitor.exe O8 - Extra context menu item: Download Image with Download Manager - tbr:iemenudownload O8 - Extra context menu item: Download URL in selection with Download Manager - tbr:iemenudownsel O8 - 
Extra context menu item: Download URL with Download Manager - tbr:iemenudownload O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Inbox Search - tbr:iemenu O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst_current.cab O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.co.uk/SnapfishUKActivia.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/resources/MSNPUpld.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1165445224218 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1165447675281 O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://express.foto.com/NewUploader/ImageUploader4.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://help.broadbandassist.com/prequal/MotivePreQual.cab O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O23 - Service: Adobe LM Service - Adobe 
Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe O23 - Service: Windows Security Manager - Unknown owner - C:\WINDOWS\system32\vcmon.exe (file missing) -- End of file - 8227 bytes
  9. I have inadvertently installed what was supposed to be a simple movie add-on and my home page has been hijacked. On the Add or Remove Programs screen these two appear: IE Custom Tools, IE Safety Features, and I can't remove them. Can anybody please help? These are the HijackThis reports:

     Deckard's System Scanner v20071014.68
     Run by Yoly on 2007-10-22 19:50:42
     Computer is in Normal Mode.
     --------------------------------------------------------------------------------

     -- System Restore --------------------------------------------------------------

     Successfully created a Deckard's System Scanner Restore Point.

     -- Last 5 Restore Point(s) --
     70: 2007-10-22 18:50:53 UTC - RP296 - Deckard's System Scanner Restore Point
     69: 2007-10-22 09:43:02 UTC - RP295 - System Checkpoint
     68: 2007-10-20 22:34:39 UTC - RP294 - System Checkpoint
     67: 2007-10-19 21:20:43 UTC - RP293 - System Checkpoint
     66: 2007-10-18 21:07:23 UTC - RP292 - System Checkpoint

     -- First Restore Point --
     1: 2007-08-02 18:12:49 UTC - RP227 - System Checkpoint

     Backed up registry hives.
     Performed disk cleanup.

     Total Physical Memory: 510 MiB (512 MiB recommended).
-- HijackThis (run as Yoly.exe) ------------------------------------------------ Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 19:54:03, on 22/10/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16544) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Video Add-on\isfmntr.exe C:\WINDOWS\System32\hkcmd.exe C:\WINDOWS\System32\LVCOMSX.EXE C:\Program Files\Logitech\Video\LogiTray.exe C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe D:\new\my documents\My Downloads\Picasa2\PicasaMediaDetector.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe C:\PROGRA~1\MESSEN~1\msmsgs.exe C:\Program Files\Ares\Ares.exe C:\Program Files\Video Add-on\isfmm.exe C:\Program Files\TalkTalk\TalkTalk SNU5630NS 05 Wireless USB Adapter Utility\TTUSBBGMonitor.exe C:\Program Files\Logitech\Video\FxSvr2.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe C:\WINDOWS\System32\svchost.exe C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\System32\svchost.exe C:\Documents and Settings\Yoly\Desktop\dss.exe C:\PROGRA~1\TRENDM~1\HIJACK~1\Yoly.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet 
Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {B499D34E-58EF-4927-AB9F-7AF52B2C4C82} - C:\Program Files\Video Add-on\isfmdl.dll O3 - Toolbar: IE Custom Tools - {6CA49FDD-4AEB-4F08-A394-C0A1F82CAA16} - C:\Program Files\Video Add-on\ictmdl.dll O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [rsy32] C:\WINDOWS\System32\rsy32.exe O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray O4 - HKLM\..\Run: 
[xvgmujwqp] c:\windows\system32\xvgmujwqp.exe xvgmujwqp O4 - HKLM\..\Run: [Picasa Media Detector] D:\new\my documents\My Downloads\Picasa2\PicasaMediaDetector.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O4 - HKCU\..\Run: [FT Desktop news alerts] "C:\Program Files\FT Desktop news alerts\FTDesktopnewsalerts.exe" O4 - HKCU\..\Run: [MSMSGS] "C:\PROGRA~1\MESSEN~1\msmsgs.exe" /background O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" O4 - HKCU\..\Run: [CrawlerMail] c:\progra~1\inbox\cmail.exe /startup O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\Video Add-on\isfmntr.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O4 - Global Startup: TalkTalk SNU5630NS 05 Wireless USB Adapter.lnk = C:\Program Files\TalkTalk\TalkTalk SNU5630NS 05 Wireless USB Adapter Utility\TTUSBBGMonitor.exe O8 - Extra context menu item: Download Image with Download Manager - tbr:iemenudownload O8 - Extra context menu item: Download URL in selection with Download Manager - tbr:iemenudownsel O8 - Extra context menu item: Download URL with Download Manager - tbr:iemenudownload O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 
O8 - Extra context menu item: Inbox Search - tbr:iemenu O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst_current.cab O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.co.uk/SnapfishUKActivia.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/resources/MSNPUpld.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1165445224218 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1165447675281 O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://express.foto.com/NewUploader/ImageUploader4.cab O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://help.broadbandassist.com/prequal/MotivePreQual.cab O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O22 - SharedTaskScheduler: bokard - {ab75cc7d-2751-4144-a278-5462d5a5884c} - C:\WINDOWS\system32\dfrep.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe O23 - Service: Google 
Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe O23 - Service: Windows Security Manager - Unknown owner - C:\WINDOWS\system32\vcmon.exe (file missing) -- End of file - 8932 bytes -- File Associations ----------------------------------------------------------- All associations okay. -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------- R1 OMCI - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver> R1 StarOpen - c:\windows\system32\drivers\staropen.sys R1 tmtdi (Trend Micro TDI Driver) - c:\windows\system32\drivers\tmtdi.sys <Not Verified; Trend Micro Inc.; Trend Micro Network Security Components 2.0> R2 tm_cfw (Common Firewall Driver) - c:\windows\system32\drivers\tm_cfw.sys <Not Verified; Trend Micro Inc.; Trend Micro Network Security Components 2.0> R2 ZDPSp50 (ZDPSp50 NDIS Protocol Driver) - c:\windows\system32\drivers\zdpsp50.sys <Not Verified; Printing Communications Assoc., Inc. 
(PCAUSA); PCAUSA Rawether for Windows> S3 XTrapD12 - c:\windows\system32\xtrapd12.sys (file missing) -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled -------------------- R2 PcCtlCom (Trend Micro Central Control Component) - c:\progra~1\trendm~1\intern~2\pcctlcom.exe <Not Verified; Trend Micro Incorporated.; Trend Micro Internet Security> R2 Tmntsrv (Trend Micro Real-time Service) - c:\progra~1\trendm~1\intern~2\tmntsrv.exe <Not Verified; Trend Micro Incorporated.; Trend Micro Internet Security> R2 TmPfw (Trend Micro Personal Firewall) - c:\progra~1\trendm~1\intern~2\tmpfw.exe <Not Verified; Trend Micro Inc.; Trend Micro Network Security Components 2.0> R2 tmproxy (Trend Micro Proxy Service) - c:\progra~1\trendm~1\intern~2\tmproxy.exe <Not Verified; Trend Micro Inc.; Trend Micro Network Security Components 2.0> S2 Windows Security Manager - "c:\windows\system32\vcmon.exe" (file missing) S3 AresChatServer (Ares Chatroom server) - c:\program files\ares\chatserver.exe <Not Verified; Ares Development Group; Ares Chat Server> -- Device Manager: Disabled ---------------------------------------------------- Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318} Description: PCI Modem Device ID: PCI\VEN_8086&DEV_1080&SUBSYS_10001028&REV_04\4&3B1CAF2B&0&28F0 Manufacturer: Name: PCI Modem PNP Device ID: PCI\VEN_8086&DEV_1080&SUBSYS_10001028&REV_04\4&3B1CAF2B&0&28F0 Service: -- Scheduled Tasks ------------------------------------------------------------- 2007-10-22 10:15:47 422 --ah----- C:\WINDOWS\Tasks\User_Feed_Synchronization-{6144042F-5447-427E-8D14-3D5A94F277F8}.job 2007-10-21 17:57:01 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job -- Files created between 2007-09-22 and 2007-10-22 ----------------------------- 2007-10-22 19:11:35 0 d-------- C:\Program Files\Video Add-on -- Find3M Report --------------------------------------------------------------- 2007-10-22 19:53:51 0 d-------- C:\Program Files\Trend Micro 2007-10-20 21:47:48 12800 --a-s---- 
C:\WINDOWS\system32\dfrep.dll 2007-09-28 09:28:38 0 d-------- C:\Program Files\DC++ 2007-09-15 20:45:00 0 d-------- C:\Program Files\Mordor II 2007-09-10 19:25:46 0 d-------- C:\Program Files\WildGames 2007-09-10 17:25:09 0 d-------- C:\Program Files\DevastationZoneTroopers_at 2007-09-10 16:28:37 0 d-------- C:\Program Files\The Dark Legions 2007-09-10 16:27:12 0 d-------- C:\Program Files\MrRobot 2007-09-10 16:26:27 0 d-------- C:\Program Files\Crimsonland 2007-09-10 12:27:44 61440 --a------ C:\WINDOWS\diabswun.exe 2007-09-10 12:27:44 86528 --a------ C:\WINDOWS\bnetunin.exe 2007-09-10 11:06:10 0 d-------- C:\Program Files\Virtual Villagers 2007-09-04 17:42:14 0 d-------- C:\Program Files\Takatis - A Tribute To Manfred Trenz 2007-09-03 16:28:00 276480 --a------ C:\WINDOWS\system32\tyekjvcbnm.exe 2007-09-02 11:40:48 0 d-------- C:\Program Files\MathType 2007-08-31 23:42:34 0 d-------- C:\Program Files\Realore -- Registry Dump --------------------------------------------------------------- *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B499D34E-58EF-4927-AB9F-7AF52B2C4C82}] 22/10/2007 19:40 11264 --a------ C:\Program Files\Video Add-on\isfmdl.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [02/10/2003 14:37] "HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [02/10/2003 14:19] "rsy32"="C:\WINDOWS\System32\rsy32.exe" [] "LVCOMSX"="C:\WINDOWS\System32\LVCOMSX.EXE" [19/07/2005 18:32] "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [08/06/2005 16:24] "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [08/06/2005 16:14] "pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe" [08/03/2006 14:30] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [25/10/2006 19:58] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [30/10/2006 10:36] "SSBkgdUpdate"="C:\Program Files\Common 
Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [30/09/2003 00:14] "OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [21/03/2006 13:19] "REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [04/02/2002 22:32] "NapsterShell"="C:\Program Files\Napster\napster.exe" [] "xvgmujwqp"="c:\windows\system32\xvgmujwqp.exe" [10/09/2007 09:07] "Picasa Media Detector"="D:\new\my documents\My Downloads\Picasa2\PicasaMediaDetector.exe" [12/12/2006 01:36] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 01:56] "LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [06/04/2007 10:17] "FT Desktop news alerts"="C:\Program Files\FT Desktop news alerts\FTDesktopnewsalerts.exe" [] "MSMSGS"="C:\PROGRA~1\MESSEN~1\msmsgs.exe" [13/10/2004 17:24] "RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [] "CrawlerMail"="c:\progra~1\inbox\cmail.exe" [] "ares"="C:\Program Files\Ares\Ares.exe" [14/05/2007 23:37] [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "Picasa Media Detector"=D:\new\my documents\My Downloads\Picasa2\PicasaMediaDetector.exe C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [23/09/2005 23:05:26] Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [06/04/2007 10:17:02] TalkTalk SNU5630NS 05 Wireless USB Adapter.lnk - C:\Program Files\TalkTalk\TalkTalk SNU5630NS 05 Wireless USB Adapter Utility\TTUSBBGMonitor.exe [09/06/2006 17:57:50] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run] "start"=C:\Program Files\Video Add-on\isfmntr.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler] "{ab75cc7d-2751-4144-a278-5462d5a5884c}"= C:\WINDOWS\system32\dfrep.dll 
[20/10/2007 21:47 12800] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] @="Volume shadow copy" -- End of Deckard's System Scanner: finished at 2007-10-22 19:54:50 ------------ Deckard's System Scanner v20071014.68 Extra logfile - please post this as an attachment with your post. -------------------------------------------------------------------------------- -- System Information ---------------------------------------------------------- Microsoft Windows XP Home Edition (build 2600) SP 2.0 Architecture: X86; Language: English CPU 0: Intel® Pentium® 4 CPU 3.06GHz Percentage of Memory in Use: 65% Physical Memory (total/avail): 510 MiB / 176.55 MiB Pagefile Memory (total/avail): 1248.8 MiB / 851.99 MiB Virtual Memory (total/avail): 2047.88 MiB / 1915.99 MiB A: is Removable (No Media) C: is Fixed (NTFS) - 50.85 GiB total, 8.07 GiB free. D: is Fixed (NTFS) - 23.66 GiB total, 5.7 GiB free. E: is CDROM (CDFS) \\.\PHYSICALDRIVE0 - ST380011A - 74.5 GiB - 2 partitions \PARTITION0 (bootable) - Installable File System - 50.85 GiB - C: \PARTITION1 - Extended w/Extended Int 13 - 23.66 GiB - D: -- Security Center ------------------------------------------------------------- AUOptions is scheduled to auto-install. Windows Internal Firewall is enabled. FW: Trend Micro PC-cillin Internet Security (Firewall) v14 (Trend Micro, Inc.) AV: Trend Micro PC-cillin Internet Security 2006 v14.10.1041 (Trend Micro, Inc.) 

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\\Program Files\\Minions of Mirth\\bin\\MinionsOfMirth.exe"="C:\\Program Files\\Minions of Mirth\\bin\\MinionsOfMirth.exe:*:Enabled:MinionsOfMirth"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\BitComet\\BitComet.exe"="C:\\Program Files\\BitComet\\BitComet.exe:*:Disabled:BitComet - a BitTorrent Client"
"C:\\Program Files\\DC++\\DCPlusPlus.exe"="C:\\Program Files\\DC++\\DCPlusPlus.exe:*:Enabled:DC++"
"C:\\Program Files\\Yahoo! Games\\Alien Shooter\\AlienShooter.exe"="C:\\Program Files\\Yahoo! Games\\Alien Shooter\\AlienShooter.exe:*:Disabled:AlienShooter Application"
"C:\\Program Files\\Yahoo! Games\\Blackhawk Striker 2\\Blackhawk2.exe"="C:\\Program Files\\Yahoo! Games\\Blackhawk Striker 2\\Blackhawk2.exe:*:Enabled:Black Hawk Striker 2"
"C:\\Program Files\\Ares\\Ares.exe"="C:\\Program Files\\Ares\\Ares.exe:*:Enabled:Ares p2p for windows"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Documents and Settings\\Owner\\Local Settings\\Temp\\Rar$EX01.594\\emule.exe"="C:\\Documents and Settings\\Owner\\Local Settings\\Temp\\Rar$EX01.594\\emule.exe:*:Enabled:eMule"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Program Files\\Minions of Mirth\\bin\\MinionsOfMirth.exe"="C:\\Program Files\\Minions of Mirth\\bin\\MinionsOfMirth.exe:*:Enabled:MinionsOfMirth"

-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Yoly\Application Data
CLASSPATH=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=MARCO
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Yoly
LOGONSERVER=\\MARCO
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\Samsung\Samsung PC Studio 3\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0209
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\QuickTime\QTSystem\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Yoly\LOCALS~1\Temp
TMP=C:\DOCUME~1\Yoly\LOCALS~1\Temp
USERDOMAIN=MARCO
USERNAME=Yoly
USERPROFILE=C:\Documents and Settings\Yoly
windir=C:\WINDOWS

-- User Profiles ---------------------------------------------------------------

Owner (admin)
Yoly (admin)
Guest (guest)

-- Add/Remove Programs ---------------------------------------------------------

 --> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
 --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Bridge 1.0 --> MsiExec.exe /I{B74D4E10-6884-0000-0000-000000000103}
Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Help Center 1.0 --> MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Photoshop CS2 --> msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Reader 7.0.8 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70800000002}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe Stock Photos 1.0 --> MsiExec.exe /I{EE0D5DCD-2B97-4473-98DF-E93C0BD92F7A}
Apple Software Update --> MsiExec.exe /I{A50C25D7-62E9-4511-AD70-8E2DA5E79B7D}
Ares 2.0.9 --> "C:\Program Files\Ares\uninstall.exe"
AVIcodec (remove only) --> "C:\Program Files\AVIcodec\uninst.exe"
Broadcom 440x 10/100 Integrated Controller --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{52504CE6-E909-4113-B232-4AFEC6543A61} /l1033
Caesar 3 --> C:\WINDOWS\IsUninst.exe -fC:\SIERRA\Caesar3\Uninst.isu
Canon MP Drivers --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{58F8C6D9-5B55-486A-A322-4E8D87670031}\Setup.exe" -l0x9 -Uninstall
Canon MP Navigator 3.0 --> "C:\Program Files\Canon\MP Navigator 3.0\Maint.exe" /UninstallRemove C:\Program Files\Canon\MP Navigator 3.0\uninst.ini
Canon MP Toolbox 4.1.1.0.mp10 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4669544E-20E4-4E56-8B44-2E6E1200051F}\Setup.exe" -l0x9 -Uninstall
Canon MP160 --> "C:\WINDOWS\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP160\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP160 /L0x0009
Canon MP160 User Registration --> C:\Program Files\Canon\IJEREG\MP160\UNINST.EXE
Canon Utilities Easy-PhotoPrint --> C:\Program Files\Canon\Easy-PhotoPrint\uninst.exe uninst.ini
Dell ResourceCD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D78653C3-A8FF-415F-92E6-D774E634FF2D}\setup.exe"
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
eMule --> "C:\Program Files\eMule\Uninstall.exe"
Encyclopaedia Britannica Deluxe Edition 2004 CD-ROM --> "C:\Program Files\Britannica 2004\Encyclopaedia Britannica 2004 Deluxe Edition\UninstallerData\Uninstall Encyclopaedia Britannica 2004 Deluxe Edition.exe"
FATE --> "C:\Program Files\WildGames\FATE\Uninstall.exe"
FinePixViewer Ver.4.3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{24ED4D80-8294-11D5-96CD-0040266301AD}\SETUP.EXE"
FUJIFILM USB Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5490882C-6961-11D5-BAE5-00E0188E010B}\SETUP.EXE"
Google Earth --> MsiExec.exe /I{407B9B5C-DAC5-4F44-A756-B57CAB4E6A8B}
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
IE Custom Tools --> "C:\Program Files\Video Add-on\ictun.exe"
IE Safety Features --> "C:\Program Files\Video Add-on\isfun.exe"
Intel® Extreme Graphics Driver --> RUNDLL32.EXE C:\WINDOWS\System32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562
iTunes --> MsiExec.exe /I{446DBFFA-4088-48E3-8932-74316BA4CAE4}
Libros en pantalla de Microsoft SQL Server 2005 (español) (abril de 2006) --> MsiExec.exe /I{3E40C7A9-027C-4906-98AC-71AD0E84F143}
Logitech Desktop Messenger --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\Setup.exe" -l0x9 UNINSTALL
Logitech Print Service --> C:\PROGRA~1\Logitech\PRINTS~1\UNWISE.EXE C:\PROGRA~1\Logitech\PRINTS~1\INSTALL.LOG
Logitech QuickCam Software --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C43048A9-742C-4DAD-90D2-E3B53C9DB825}\setup.exe" -l0x9
Logitech® Camera Driver --> "C:\Program Files\Common Files\Logitech\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT
Macromedia Flash Player 8 --> MsiExec.exe /X{5E8A1B08-0FBD-4543-9646-F2C2D0D05750}
MathType 5 --> "C:\Program Files\MathType\Setup.exe" -R
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Money 2005 --> C:\Program Files\Microsoft Money 2005\MNYCoreFiles\Setup\uninst.exe /s:120
Microsoft Office Basic Edition 2003 --> MsiExec.exe /I{91130409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
nFLVPlayer --> "C:\Program Files\zeraha.org\nFLVPlayer\unins000.exe"
PHStat2 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{8928A887-1321-11D6-A1EC-C98533E76960}
Picasa 2 --> "D:\new\my documents\My Downloads\Picasa2\Uninstall.exe"
QuickTime --> MsiExec.exe /I{50D8FFDD-90CD-4859-841F-AA1961C7767A}
SAMSUNG CDMA Modem Driver Set --> C:\WINDOWS\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe
SAMSUNG Mobile Composite Device Software --> C:\WINDOWS\system32\Samsung_USB_Drivers\6\SSBCUninstall.exe
Samsung Mobile phone USB driver Software --> C:\WINDOWS\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe
SAMSUNG Mobile USB Modem 1.0 Software --> C:\WINDOWS\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe
SAMSUNG Mobile USB Modem Software --> C:\WINDOWS\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
Samsung PC Studio 3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C4A4722E-79F9-417C-BD72-8D359A090C97}\setup.exe" -l0x9 -removeonly
ScanSoft OmniPage SE 4.0 --> MsiExec.exe /I{29D851C2-048C-4B5E-8D1F-25D473342BB5}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Sierra Utilities --> .\sutil32.exe uninstall
Skype 2.5 --> "C:\Program Files\Skype\Phone\unins000.exe"
Sony Ericsson PC Suite --> MsiExec.exe /I{C037D08B-4883-491D-9329-DC5ACA90F797}
SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\Setup.exe"
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Takatis - A Tribute To Manfred Trenz --> "C:\Program Files\Takatis - A Tribute To Manfred Trenz\Uninstall Takatis - A Tribute To Manfred Trenz.exe"
TalkTalk SNU5630NS/05 Wireless USB Adapter --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{4622F6EA-5EB3-49A9-AE31-4A960B85F46A}
Trend Micro PC-cillin Internet Security 2006 --> MsiExec.exe /X{EA8C73AA-3D75-44C9-87A2-8E945FC5FEE6}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Safety Alert --> C:\Documents and Settings\Owner\Local Settings\Temp\laf1.exe /del
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
Xenon 2000 - Project PCF --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{93EE3C83-725F-4EA4-891A-CD6B019FCDC1}\Setup.exe"

-- Application Event Log -------------------------------------------------------

Event Record #/Type3690 / Warning
Event Submitted/Written: 10/22/2007 07:40:55 PM
Event ID/Source: 32068 / Microsoft Fax
Event Description: The outgoing routing rule is not valid because it cannot find a valid device. The outgoing faxes that use this rule will not be routed. Verify that the targeted device or devices (if routed to a group of devices) is connected and installed correctly, and turned on. If routed to a group, verify that the group is configured correctly. Country/region code: '*' Area code: '*'

Event Record #/Type3689 / Warning
Event Submitted/Written: 10/22/2007 07:40:55 PM
Event ID/Source: 32026 / Microsoft Fax
Event Description: Fax Service failed to initialize any assigned fax devices (virtual or TAPI). No faxes can be sent or received until a fax device is installed.

Event Record #/Type3685 / Error
Event Submitted/Written: 10/22/2007 07:39:41 PM
Event ID/Source: 4609 / EventSystem
Event Description: The COM+ Event System detected a bad return code during its internal processing. HRESULT was 800706BA from line 44 of d:\qxp_slp\com\com1x\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.

Event Record #/Type3684 / Error
Event Submitted/Written: 10/22/2007 07:39:40 PM
Event ID/Source: 4609 / EventSystem
Event Description: The COM+ Event System detected a bad return code during its internal processing. HRESULT was 800706BA from line 44 of d:\qxp_slp\com\com1x\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.

Event Record #/Type3679 / Warning
Event Submitted/Written: 10/22/2007 07:34:43 PM
Event ID/Source: 32068 / Microsoft Fax
Event Description: The outgoing routing rule is not valid because it cannot find a valid device. The outgoing faxes that use this rule will not be routed. Verify that the targeted device or devices (if routed to a group of devices) is connected and installed correctly, and turned on. If routed to a group, verify that the group is configured correctly. Country/region code: '*' Area code: '*'

-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.

-- System Event Log ------------------------------------------------------------

Event Record #/Type28308 / Error
Event Submitted/Written: 10/22/2007 07:39:02 PM
Event ID/Source: 7034 / Service Control Manager
Event Description: The WebClient service terminated unexpectedly. It has done this 1 time(s).

Event Record #/Type28307 / Error
Event Submitted/Written: 10/22/2007 07:39:02 PM
Event ID/Source: 7031 / Service Control Manager
Event Description: The Universal Plug and Play Device Host service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

Event Record #/Type28306 / Error
Event Submitted/Written: 10/22/2007 07:39:02 PM
Event ID/Source: 7034 / Service Control Manager
Event Description: The SSDP Discovery Service service terminated unexpectedly. It has done this 1 time(s).

Event Record #/Type28305 / Error
Event Submitted/Written: 10/22/2007 07:39:02 PM
Event ID/Source: 7034 / Service Control Manager
Event Description: The TCP/IP NetBIOS Helper service terminated unexpectedly. It has done this 1 time(s).

Event Record #/Type28287 / Error
Event Submitted/Written: 10/22/2007 07:38:57 PM
Event ID/Source: 7034 / Service Control Manager
Event Description: The DNS Client service terminated unexpectedly. It has done this 1 time(s).

-- End of Deckard's System Scanner: finished at 2007-10-22 19:54:50 ------------